Tuesday, September 30, 2014

OpenWRT on Cisco Linksys E2000 and back to stock firmware

The goal of my effort was to create two separate WLAN SSID's that linked to two different VLAN's on the Linksys E2000. I did not get it working at that time and reverted back to the original firmware. This article describes my painful (took me a lot of time to find things out) journey.

Background

I replaced my Linksys / Cisco E2000 by a TP-Link TL-WA901ND, because I wasn't really satisfied with the coverage of the Linksys / Cisco E2000 and I wanted to have a separate SSID for guest Wifi access in my house. The TP-Link supports multiple SSID's and VLANning out of the box.



For devices that still are in their warranty period, I prefer to stay with stock firmware as long as it still does what I'd like it to do (hmmm, the clock is way off and I still can't find the NTP settings...).

I still have a purpose for the E2000, as I would like to have some better coverage in the attic. The stock firmware however does not support VLAN's. I also had problems configuring it so that it behaved as 'just' an Access Point. I was able to configure it as an access point, but that immediately disabled access to the interface. If I wanted to change the config, I had to reset it and configure it all over again. I never found out what caused it. That's why I wanted to play around with OpenWRT

 

 'Flashing' the Cisco Linksys E2000 with OpenWRT

To install OpenWRT on the E2000, I, of course, read the OpenWRT wiki page on the Linksys E2000. And the page on the WRT320N v2.0, as it was based on the same hardware according to the wiki. And the page on flashing using the TFTP server in the bootloader. But nothing worked.

As a last resort, I tried to upload the firmware using the standard 'Update Firmware' functionality of the stock Cisco firmware as is described on the OpenWRT Linksys WRT320N/E2000 page (huh, another page?). Much to my surprise, this worked. I uploaded openwrt-e2000_v1-squashfs.bin. Unfortunately, I didn't not create this blogposting right away, but I think I got it from here.

After that, you can telnet to 192.168.1.1, set a root password and replace telnet with SSH, see first login. You can use the normal reset procedure (press & hold the reset button for ~5 s) to revert the config to the start state (if the management interface becomes unreachable for instance).

 

Configuring OpenWRT

Multiple SSIDs and 802.11n are not supported by the b43 driver

The Linksys E2000 V1 is powered by a Broadcom BCM4716 System on a Chip. According to Linux Wireless drivers (b43) page, it is a BCMA SoC. This leaves you with two drivers for the E2000, either the default b43 driver or the brcmsmac driver. I wasn't able to install the brcmsmac driver, using opkg on Chaos Calmer (Bleeding Edge, r42687), due to problems in dependencies (because the packages are updated frequently and expect a newer kernel). I haven't put much effort in that, as I haven't seen any positive results when someone got it installed (see here and here). The problems with the b43 driver are:
  1. I wasn't able to get 802.11n working, only 802.11g. That's of course quite a dealbreaker.
  2. I wasn't able to get multiple SSIDs in the air. If I configured multiple SSIDs, either the second one in the config file showed up, or no SSID showed up at all (probably depending on the OpenWRT version)

 

Bricking and Unbricking

When I was initially done with installing and configuring the trunk version. I wanted to install a stable version, as I wasn't planning on flashing the device daily to patch any security problems.

I downloaded Attitude Adjustment, checked the integrity and flashed it, using sysupgrade:

wget http://downloads.openwrt.org/attitude_adjustment/12.09/brcm47xx/generic/openwrt-brcm47xx-squashfs.trx

sysupgrade -v /tmp/openwrt-brcm47xx-squashfs.trx

Unfortunately, after that flash, the device wasn't reachable anymore over ethernet. I tried to reset it and even performed the 30-30-30 reset which should only work on dd-wrt (?). That didn't help. Also, trying to flash the firmware using tftp still did not work.

The only way to unbrick it, was to open the E2000, solder wires to the connections for the serial port and connect that to a TTL to USB cable to get console access. A lot of information for this (such as the pin layout for serial port) is in this thread on the dd-wrt forum.


As this was my first attempt to solder something to a PCB and it worked, I guess it doesn't require much precision (as you can see). I used an Ada Fruit USB to Serial TTL cable (PL2303TA chipset).

With that console access, I found out that my ethernet ports were not functioning at all. I wasn't able to find out what was the cause of this. The WLAN was functioning however (but since I reset it, the default config was to disable WLAN). I could turn on the WLAN and, using Linux on my laptop, use netcat to send the trunk version of OpenWRT to the E2000. Once that succeeded, I could successfully flash the trunk version and it worked again!

I am still wondering what I could've done if I had no wireless, but only the console. I found all kinds of methods, but they basically used z-, y-, or xmodem or kermit to transfer files using the console. But the default OpenWRT image does not have these tools installed (at least, I didn't find them).

The console also allowed me to see why the tftp flashing wasn't working. Apparently, if I timed it right (it was kinda precise, it only worked for me when I had the cable inserted in the port 2 (coincidence?) and started the Windows TFTP client at the same time as a I turned the device on)  the E2000 received the firmware, but it rejected it. I tried it with a couple of versions, including the default Linksys firmware, but also trailed and non-trailed builds of OpenWRT: I couldn't get it to work.


Conclusion

Finally, I reflashed the original firmware. There was a new version, that at least got rid of the bug that I was experiencing which caused me to not be able to login anymore after I had configured it.


I followed the steps on the OpenWRT wiki page on 'uninstalling': I downloaded the latest firmware from the Linksys site and cut of the header as indicated:
 
dd bs=32 skip=1 if=original.bin of=original.trx
 
I used sysupgrade to flash the E2000 to the stock firmware.

No comments:

Post a Comment